Table of Contents
Advertisement
Virtual Private Networks (VPN)
8. (Optional) Enable Force UDP encapsulation to force the tunnel to use UDP encapsulation
even when it does not detect that NAT is being used.
9. For Zone, select the firewall zone for the IPsec tunnel. Generally this should be left at the
default of IPsec.
Note
Depending on your network configuration, you may need to add a packet filtering rule to
allow incoming traffic. For example, for the IPsec zone:
a. Click to expand Firewall > Packet filtering.
b. For Add packet filter, click .
c. For Label, type Allow incoming IPsec traffic.
d. For Source zone, select IPsec.
Leave all other fields at their default settings.
10. For Metric, enter or select the priority of routes associated with this IPsec tunnel. When more
than one active route matches a destination, the route with the lowest metric is used.
The metric can also be used in tandem with SureLink to configure IPsec failover behavior. See
Configure IPsec failover
11. For Mode, select Tunnel mode. Transport mode is not currently supported.
12. Select the Mode, either:
Tunnel mode: The entire IP packet is encrypted and/or authenticated and then
n
encapsulated as the payload in a new IP packet.
Transport mode: Only the payload of the IP packet is encrypted and/or authenticated.
n
The IP header is unencrypted.
13. Select the Protocol, either:
ESP (Encapsulating Security Payload): Provides encryption as well as authentication
n
and integrity.
AH (Authentication Header): Provides authentication and integrity only.
n
14. Click to expand Authentication.
a. For Authentication type, select one of the following:
n
Digi Connect EZ Mini User Guide
for more information.
Pre-shared key: Uses a pre-shared key (PSK) to authenticate with the remote peer.
i. Type the Pre-shared key.
IPsec
127
Advertisement
Table of Contents
